http://www.slac.stanford.edu/grp/scs/net/talk10/diagnosis.pp SPACE Weather School: Basic theory & hands-on experience Network Problem Diagnosis for Non- networkers Les Cottrell – SLAC University of Helwan / Egypt, Sept 18 – Oct 3, 2010 Partially funded by DOE/MICS Field Work Proposal on Internet End-to-end Performance Monitoring (IEPM), also supported by IUPAP
SPACE Weather School: Basic theory & hands-on experience
Network Problem Diagnosis for Non-networkers
Les Cottrell – SLAC
University of Helwan / Egypt, Sept 18 – Oct 3, 2010
Partially funded by DOE/MICS Field Work Proposal on Internet End-to-end Performance Monitoring (IEPM), also supported by IUPAP
Slide: 2 (Les Cottrell, SLAC)
Overview
Goal: provide a practical guide to debugging common problems
  Why is diagnosis difficult yet important?
  Local host
  Ping, Traceroute, PingRoute
  Looking at time series
  Locating bottlenecks
  Correlation of problems with routes
  More tools and problems
  Where is a node
  Who do you tell, what do you say?
  Case studies and More Information
Slide: 3
Why is diagnosis difficult?
Internet's evolution as a composition of independently developed and deployed protocols, technologies, and core applications
Diversity, highly unpredictable, hard to find “invariants”
Rapid evolution & change, no equilibrium so far
  Findings may be out of date
Measurement/diagnosis not high on vendors' list of priorities
  Resources/skill focus on more interesting and profitable issues
  Tools lacking or inadequate
  Implementations are flaky & not fully tested with new releases
Slide: 4
Add to that …
Distributed systems are very hard
  A distributed system is one in which I can't get my work done because a computer I've never heard of has failed. Butler Lampson
Network is deliberately transparent
The bottlenecks can be in any of the following components:
  the applications
  the OS
  the disks, NICs, bus, memory, etc. on sender or receiver
  the network switches and routers, and so on
Problems may not be logical
  Most problems are operator errors, configurations, bugs
When building distributed systems, we often observe unexpectedly low performance
  the reasons for which are usually not obvious
Just when you think you’ve cracked it, in steps security
  Firewall, NAT boxes etc.
  Block pings, traceroute looks like port scan, diagnostic tool ports are blocked …
  ISPs worried about providing access to core, making results public, & privacy issues
Slide: 5
Sources of problems
Host “errors”
  TCP buffers, heavy utilization …
Ethernet duplex and speed mismatch between your host and the network device
Misconfigured router/switches
  Including routing errors, especially for backup paths
Bad equipment, wiring/fiber problem
Congestion
Slide: 6
First steps
Command prompt, find out about network connection
  ipconfig ?
  ipconfig
    Default gives IP address, gateway/1st router, subnet mask of all your network devices (Ethernet, wireless, bluetooth…)
    Make a note of the gateway
Icon at bottom right of screen
  Allows asking of questions and tries to provide assistance
Pinging mail.alex.edu.ca [67.215.65.132] with 32 bytes of data:
Reply from 67.215.65.132: bytes=32 time=80ms TTL=45
Reply from 67.215.65.132: bytes=32 time=85ms TTL=45
Reply from 67.215.65.132: bytes=32 time=83ms TTL=45
Reply from 67.215.65.132: bytes=32 time=90ms TTL=43
Ping statistics for 67.215.65.132:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 80ms, Maximum = 90ms, Average = 84ms
Callouts on the output above: Size of packet, RTT, IP address of target, target
Specify number pings?
Try: ping -t, what use is ping -f
Slide: 8
Anomalies: Pings blocked
C:\Users\cottrell>ping www.lbl.gov
Pinging www.lbl.gov [128.3.41.105] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 128.3.41.105:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Enable Telnet by following these steps:
  Start => Control Panel => Programs And Features => Turn Windows features on or off => Check Telnet Client
  Hit OK
Now try:
16cottrell@pinger:~>telnet www.lbl.gov 80
  Blank screen: web server waiting to talk to you
  Hit ctrl ] and type exit
Compare with another port (non-existent application)
C:\Users\cottrell>telnet www.lbl.gov 1010
Connecting To www.lbl.gov...Could not open connection to the host, on port 1010: Connect failed
C:\Users\cottrell>
Slide: 9
Diversion on ports
Applications such as telnet (23), ssh (22), www (80, 443), DNS are assigned a “port” on the host
Sometimes written as for example www.slac.stanford.edu:80
See http://www.iana.org/assignments/port-numbers for
Geostationary Satellite links
Each bar represents min RTT for 1 country
Satellite flies 24k miles high, RTT~400ms
Note cut off between satellite and terrestrial
[Figure: bar chart of Min RTT (ms) by Country, 0 to 500 ms; bars labelled Terrestrial and Satellite]
Slide: 14
Traceroute: rough algorithm
ttl=1;       #To 1st router
port=33434;  #Starting UDP port
max=30;      #default maximum number of hops
while ttl <= max {
    send UDP packet to host:port with ttl
    get response
    if time exceeded, note roundtrip time                           #reply from a router on the path
    else if UDP port unreachable, note roundtrip time and set done  #reply from the target host
    else print *                                                    #no response before the timeout
    print output
    if done, stop
    ttl++; port++
}
Slide: 15
Traceroute (tracert on Windows)
C:\Users\cottrell>tracert
  gets help
C:\Users\cottrell>tracert -h 30 mail.alex.edu.eg
Tracing route to mail.alex.edu.eg [193.227.16.29] over a maximum of 30 hops
  1     1 ms     1 ms     1 ms  10.13.11.1
  2     1 ms    <1 ms     1 ms  10.100.100.53
  3     1 ms    <1 ms    <1 ms  10.0.0.3
  4     1 ms     1 ms     1 ms  81.21.100.177
  5    53 ms    12 ms     1 ms  10.181.28.33
  6     2 ms    24 ms     2 ms  172.18.28.117
  7     5 ms     6 ms     6 ms  172.20.1.162
  8     6 ms     6 ms     8 ms  172.19.8.106
  9     *        *        *
 10     6 ms     6 ms     6 ms  mail.alex.edu.eg [193.227.16.29]
Try tracert www.lbl.gov
Why do the first hops take so long to reply?
Traceroute from elsewhere
Traceroute to remote host
  Is the route direct, over commercial congested nets
Reverse traceroute from remote host to you or 3rd party
  www.slac.stanford.edu/comp/net/wan-mon/traceroute-srv.html
  www.tracert.com/
  visualroute.visualware.com/ # requires Java
Warning
  Some Linux versions have bug that incorrectly IDs cksum error on MPLS links. Make Pkt length>=140, else get checksum errors (not a problem, just annoying).
  e.g. on Linux: traceroute www.slac.stanford.edu 140
Pathping
  en.wikipedia.org/wiki/PathPing
Tracing route to mail.alex.edu.eg [193.227.16.29] over max 30 hops:
  0  CDIV-PC83982.win.slac.stanford.edu [10.13.250.215]
Look at history plots (PingER, ISPs, own border router etc.), when did problem start, how big an effect is it?
  Assumes you know “proximity” of paths for which there are archived active measurements to the path that you are interested in
  Also that relevant measurements exist
  www-iepm.slac.stanford.edu/pinger/
Collaboration between Internet2/ESnet/Geant to provide access to router measurements holds promise
Moving towards application
Is the server application listening:
  telnet www.slac.stanford.edu 80
  Trying 134.79.18.188...
  Connected to www.slac.stanford.edu.
  Escape character is '^]'.
  ^]
  telnet> quit
  Connection closed.
Try user application (mem to mem & disk to disk)
  GridFTP, bbcp, bbftp …
Iperf or thrulay (also provides RTT) to test TCP or UDP throughput
  dast.nlanr.net/Projects/Iperf/, www.internet2.edu/~shalunov/thrulay/
NDT (http://www.internet2.edu/performance/ndt/)
  What are the interface speeds? What is the bottleneck? Is there a duplex mismatch? Are buffers set right (both ends)?
Strategy: divide & conquer
Ping to localhost, ping to gateway & to remote host
  Use IP address to avoid nameserver problems
  Look for connectivity, loss & RTT
  May need to run for a long time to see some pathologies (e.g. bursty loss due to DSL loss of sync)
  Use telnet host port to see if ping blocked
Traceroute to remote host
Reverse traceroute from remote host to you
Ping routers along route (mtr helps)
Look at history plots (PingER), when did problem start, how big an effect is it?
Look at own connectivity
  NDT (netspeed.stanford.edu)
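The "telnet host port" test used on the slides (pings blocked; is the server application listening), as an added Python example that is not part of the original talk. The names probe_tcp and local_demo and the result labels are assumptions made for this example; the demo uses a listener constructed on 127.0.0.1 so it runs offline.

```python
import errno
import socket

def probe_tcp(host, port, timeout=3.0):
    """One TCP connection attempt, classified like a 'telnet host port' test.

    'open'        an application is listening (telnet shows a blank screen)
    'refused'     host answered but nothing listens on that port
    'filtered'    no answer before the timeout, e.g. a firewall dropping packets
    'unreachable' no route, or an ICMP unreachable error came back
    'dns-failure' the name did not resolve (retry with the IP address)
    """
    try:
        info = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    family, socktype, proto, _, sockaddr = info[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
            return "open"
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "filtered"
        except OSError as e:
            if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "unreachable"
            raise

def local_demo():
    """Offline check against a constructed listener on 127.0.0.1."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    srv.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(local_demo())                  # listener up, then listener gone
```

Both 'open' and 'refused' show that the host is up and the path works even when ping times out; only 'filtered' leaves the question open, which is when the traceroute steps help.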
Use a whois server (download www.gena01.com/win32whois/)
  www.networksolutions.com/cgi-bin/whois/whois (Americas & Africa)
  www.ripe.net/cgi-bin/whois (Europe)
  www.apnic.net/ (Asia)
May identify site name, address, contact, etc, not all domains are in
“Where is” a host - cont.
Visit site’s www server, often location in home page
May be able to get lat & long from database:
  www.geoiptool.com/ or via: geotool.flagfox.net/
  http://www.hostip.info/index.html
  Networldmap determines geographical information by acquiring location information from willing participants.
  http://www.ip2location.com/
    But it is a subscriber service ($$$, but …), however it is probably best for developing regions
  Quova has a large (2.4 Billion addresses) database of IP addresses to locations that they can provide access to for organizations, but must subscribe ($$$).
Triangulate pings from landmarks: www.slac.stanford.edu/grp/scs/net/talk10/geolocation.pptx
Local network support people
Internet Service Provider (ISP) usually done by local networker
  Usually will know immediate one, e.g. [email protected]
  Use puck.nether.net/netops/nocs.cgi to find ISP
  Use www.telstra.net/ops/bgp/bgp-as-upsstm.txt to find upstream ISPs
Well managed sites and ISPs maintain a list of email addresses such as abuse@ or postmaster@, that one can send email to, for example to complain about spam etc. This follows an Internet recommendation (RFC 2142). Some less helpful sites do not provide such services, for more on these,
type Globus/GSI wu-2.6.2 (gcc32dbg, 1069715860-42) ready.
^]
telnet> quit
Slide: 37
Ping example
syrup:/home$ ping -c 6 -s 64 thumper.bellcore.com
PING thumper.bellcore.com (128.96.41.1): 64 data bytes
72 bytes from 128.96.41.1: icmp_seq=0 ttl=240 time=641.8 ms
72 bytes from 128.96.41.1: icmp_seq=2 ttl=240 time=1072.7 ms
72 bytes from 128.96.41.1: icmp_seq=3 ttl=240 time=1447.4 ms
72 bytes from 128.96.41.1: icmp_seq=4 ttl=240 time=758.5 ms
72 bytes from 128.96.41.1: icmp_seq=5 ttl=240 time=482.1 ms
--- thumper.bellcore.com ping statistics ---
6 packets transmitted, 5 packets received, 16% packet loss
round-trip min/avg/max = 482.1/880.5/1447.4 ms
Callouts on the output: Repeat count, Packet size, Remote host, RTT, Missing seq #, Summary
Slide: 38
Traceroute
UDP/ICMP tool to show route packets take from local to remote host
17cottrell@flora06:~>traceroute -q 1 -m 20 lhr.comsats.net.pk
traceroute to lhr.comsats.net.pk (210.56.16.10), 20 hops max, 40 byte packets
 1 RTR-CORE1.SLAC.Stanford.EDU (134.79.19.2) 0.642 ms
 2 RTR-MSFC-DMZ.SLAC.Stanford.EDU (134.79.135.21) 0.616 ms
 3 ESNET-A-GATEWAY.SLAC.Stanford.EDU (192.68.191.66) 0.716 ms
 4 snv-slac.es.net (134.55.208.30) 1.377 ms
 5 nyc-snv.es.net (134.55.205.22) 75.536 ms
 6 nynap-nyc.es.net (134.55.208.146) 80.629 ms
 7 gin-nyy-bbl.teleglobe.net (192.157.69.33) 154.742 ms
 8 if-1-0-1.bb5.NewYork.Teleglobe.net (207.45.223.5) 137.403 ms
 9 if-12-0-0.bb6.NewYork.Teleglobe.net (207.45.221.72) 135.850 ms
10 207.45.205.18 (207.45.205.18) 128.648 ms
11 210.56.31.94 (210.56.31.94) 762.150 ms
12 islamabad-gw2.comsats.net.pk (210.56.8.4) 751.851 ms
13 *
14 lhr.comsats.net.pk (210.56.16.10) 827.301 ms
Callouts on the output: Probes/hop, Max hops (20), Remote host, No response: Lost packet or router ignores, Long delay satellite, location
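Reading the traceroute above programmatically, as an added Python example that is not part of the original talk: it parses hops 9 to 14 of the slide's output and reproduces the two callouts (no response, long delay). The function names and the 400 ms jump threshold are assumptions; the threshold is taken from the satellite slide's "RTT~400ms", and a large jump can also come from congestion, so the note says "possible".

```python
import re

# Hops 9-14 of the traceroute output shown on this slide (one probe per hop, -q 1).
SAMPLE = """\
 9 if-12-0-0.bb6.NewYork.Teleglobe.net (207.45.221.72) 135.850 ms
10 207.45.205.18 (207.45.205.18) 128.648 ms
11 210.56.31.94 (210.56.31.94) 762.150 ms
12 islamabad-gw2.comsats.net.pk (210.56.8.4) 751.851 ms
13 *
14 lhr.comsats.net.pk (210.56.16.10) 827.301 ms
"""

# hop number, then either a lone '*' or "name (ip) rtt ms"
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:\*|(\S+)\s+\(([\d.]+)\)\s+([\d.]+)\s+ms)\s*$")

def parse_hops(text):
    """Return [(hop, name, ip, rtt_ms)]; name, ip and rtt_ms are None for a '*' hop."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hop, name, ip, rtt = m.groups()
            hops.append((int(hop), name, ip, float(rtt) if rtt else None))
    return hops

def annotate(hops, jump_ms=400.0):
    """Flag silent hops and RTT jumps of at least jump_ms over the last answering hop."""
    notes, prev = [], None
    for hop, name, ip, rtt in hops:
        if rtt is None:
            notes.append((hop, "no response: lost packet or router ignores probes"))
            continue
        if prev is not None and rtt - prev >= jump_ms:
            notes.append((hop, "long delay: +%.0f ms, possible satellite link" % (rtt - prev)))
        prev = rtt
    return notes

if __name__ == "__main__":
    for hop, note in annotate(parse_hops(SAMPLE)):
        print(hop, note)
```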
Slide: 39
Pingroute
Ping routers along route, e.g. a tool to install that helps:
  www.slac.stanford.edu/comp/net/fpingroute.pl or www.slac.stanford.edu/comp/net/fpingroute.pl if fping available
15cottrell@noric04:~>fpingroute.pl
fpingroute.pl does a traceroute to the selected host. For each of the hops along the route it then uses fping to ping each node (in parallel) 'count' times. Output includes traceroute information, RTTs, losses for 100 and 'size' byte pings.
Version=0.21, 8/24/04
Usage: fpingroute.pl [Opts] host
  where host is the remote host's IP address or name e.g. www.slac.stanford.edu
Opts: [-c count default=10] [-s size default=1400] [-i initial default=1]
Example: fpingroute.pl -i 3 -c 10 -s 1400 www.triumf.ca